
7 Most Common Ways Human Error Causes Data Leaks

In this article we take a look at some of the most common ways human error causes data breaches, along with providing some cyber security tips.

The world of technology affords businesses the opportunity to become more efficient and productive, and to reach a wider audience. However, with all the benefits of technology, there are also drawbacks. One of the biggest threats to businesses today is online cyber security threats.

Businesses of all sizes can be targeted, and cyber criminals are becoming more sophisticated by the day. Suffering a cyber security attack can have plenty of negative consequences for companies, from downtime to loss of revenue and even reputational damage.

GDPR data leaks are one of the most common results of a cyber attack and can easily land a business in trouble. There are various strict rules about data protection and consequences for preventable data leaks. In 2019, human error caused 90% of data leaks in the UK. In this article, we’ll explore the 7 most common ways human error causes data leaks, along with a few preventative ideas.

1. Lack of Training

Unless you train your employees on cyber security best practices, they could end up making mistakes that compromise your company’s data. Providing the whole company with cyber security training is a worthwhile investment. You could use a third-party service to offer workshops, or create in-house training guides.

Internet safety practices change over time, so it’s worth investing in ongoing training rather than a one-off session. A typical cyber security training workshop might cover areas such as:

  • The common types of cyberattacks, and how they happen
  • Ensuring that your devices are secure
  • Defence against phishing scams
  • Reporting cyber security incidents
  • Spotting the different types of cyber attack
  • Best practices to store sensitive docs (digital and physical)

2. Being Careless

In many cases, data leaks are simply caused by carelessness. Many organisations and companies have accidentally exposed sensitive data online, simply because they weren’t paying attention.

Back in 2016, the NHS Trust received a fine of £180,000 when a Sexual Health Clinic accidentally leaked the data of nearly 800 patients. According to UCL, ‘The disclosure was caused by a human error when a member of staff emailed the patients, entering their email addresses in the “To” field instead of the “BCC” meaning their addresses were visible to all the other recipients.’
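The “To” versus “BCC” mistake described above can also be caught by an automated check before a message leaves the organisation. The following is an added example, not part of the original article: the domain names, the threshold of five and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

INTERNAL_DOMAINS = {"clinic.example"}  # assumption: the sender's own domain(s)
MAX_VISIBLE_EXTERNAL = 5               # assumption: policy threshold

def visible_external_recipients(raw_message):
    """Return external addresses that every recipient would see (To and Cc)."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    exposed = set()
    for _name, addr in getaddresses(headers):
        addr = addr.strip().lower()
        if "@" not in addr:
            continue  # skip empty or malformed entries
        if addr.rsplit("@", 1)[1] not in INTERNAL_DOMAINS:
            exposed.add(addr)
    return sorted(exposed)

def check_outbound(raw_message):
    """Hold a message that exposes too many external addresses to each other."""
    exposed = visible_external_recipients(raw_message)
    if len(exposed) > MAX_VISIBLE_EXTERNAL:
        return ("hold", f"{len(exposed)} external addresses visible in To/Cc; use Bcc")
    return ("allow", "")

# Constructed sample data: eight made-up patient addresses.
PATIENTS = [f"patient{i}@mail{i}.example" for i in range(1, 9)]

def sample(field):
    """Build a constructed newsletter with the patients in To or in Bcc."""
    to = "newsletter@clinic.example" if field == "Bcc" else ", ".join(PATIENTS)
    lines = ["From: newsletter@clinic.example", f"To: {to}"]
    if field == "Bcc":
        lines.append("Bcc: " + ", ".join(PATIENTS))
    lines += ["Subject: Clinic newsletter", "", "Hello from the clinic."]
    return "\n".join(lines)

if __name__ == "__main__":
    print(check_outbound(sample("To")))
    print(check_outbound(sample("Bcc")))
```

The same rule can be expressed in most mail gateways or data loss prevention tools; the point is that the message is held and the sender is prompted, rather than relying on attention alone.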

3. Failing to Shred Documents

To some, shredding documents might seem like a tedious task, but it is in fact an incredibly important security practice. Unless sensitive documents are shredded before they are disposed of, you could find that your data is stolen and misused.

Businesses are advised to create company policies that explain how documents should be disposed of, to avoid potential security breaches. With close attention to detail, businesses can avoid mishaps.

4. Leaving Sensitive Documents on Show

Failing to properly store sensitive documents is another common cause of data leaks. Leaving sensitive documents lying around is never a good idea, and workplaces are best advised to put protocols in place, so that employees know what is expected of them. To ensure the correct handling of sensitive documents in the workplace, businesses should think about:

  • Controlling access: not everyone in the company will need access to the same information.
  • Ensuring that the online delivery of sensitive documents is secure (for instance, by using encrypted file sharing programs).
  • Providing lockable storage for physical documents.

5. Fooled by Phishing Emails

According to data from Terranova Security’s Gone Phishing Tournament, ‘almost 20% of all employees are likely to click on phishing email links and, of those, a staggering 67.5% go on to enter their credentials on a phishing website.’

Phishing emails can be incredibly convincing. Bad actors might pose as a colleague, a company, or a social media platform. Luckily, there are steps that companies can take to protect themselves against phishing attacks, such as:

  • Cloud-based email security
  • Secure email gateways
  • Extra training on phishing

6. Using Weak Passwords

Using weak passwords can easily lead to a data breach, and while many of us know this, we continue to use them. Whether it’s in the workplace, or when using the internet for personal use, there are plenty of ways to avoid using weak passwords:

  • Use a password manager system
  • Try a password generator
  • Employers can run password audits

7. Failing to Update Software

Hackers are easily able to exploit vulnerabilities in software, using these to stage a cyberattack. To protect users, software companies will put out updates on a regular basis. As soon as a software update is released, it’s vital that all users start running the update.

In 2017, Equifax failed to patch a security vulnerability that they were made aware of months before. Due to the error, hackers gained the personal information of over 140 million American citizens. If only the company had started to use the software patch when it was first released, this huge data breach would not have occurred.

Get your staff clued up on data protection…

As you can see, there are many different ways that human error causes data breaches, from carelessness to outdated software and lack of training. Luckily, employers can secure their companies and protect their interests by educating themselves and their staff on cyber security best practices.

Avoiding the use of weak passwords and creating protocols to deal with sensitive documents is also incredibly important.

Experiencing a data breach can leave businesses with hefty expenses and reputational losses, which is why it’s important to pay attention to changing trends and best practices. Employers should ensure that they understand the rules in relation to the GDPR and the proper storage of personal data.